﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

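public partial class Login : System.Web.UI.Page
{
    // Result of CheckUser when no tb_User row matches the supplied credentials.
    private const int UnknownUser = -2;
    // Result of getDeparID when the employee's State is not 1 (left the company or blacklisted).
    private const int NoDepartment = -1;
    // Values of tb_User.Flag that get their own landing page after login.
    private const int AdminFlag = 1;
    private const int EmployeeFlag = 6;

    private int departID;    // department ID (tb_EmployeeInfo.Department)
    private int positionID;  // position ID (tb_EmployeeInfo.Position)
    private int EmployID;    // employee ID: tb_User.EID, or tb_User.ID for administrators
    private int Permissions; // permission flag (tb_User.Flag)

    protected void Page_Load(object sender, EventArgs e)
    {
        // Nothing to initialise; the form is handled entirely in Ibtn_Login_Click.
    }

    /// <summary>
    /// Handles the login button: validates the credentials against tb_User,
    /// stores the employee's identity and permission flag in the session and
    /// redirects to the page that matches the permission flag.
    /// </summary>
    /// <param name="sender">The image button that raised the event.</param>
    /// <param name="e">Click event data (unused).</param>
    protected void Ibtn_Login_Click(object sender, ImageClickEventArgs e)
    {
        string user = txt_User.Text;
        string pwd = txt_Pwd.Text;

        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(pwd))
        {
            Response.Write("<script>alert('用户名或密码不允许为空!');</script>");
            return;
        }

        EmployID = CheckUser(user, pwd, ref Permissions);
        if (EmployID == UnknownUser)
        {
            // Same message for "no such user" and "wrong password" so the two cases
            // are indistinguishable to the caller.
            Response.Write("<script>alert('用户名或密码错误，请重新输入！');</script>");
            return;
        }

        // NOTE(review): the session id is not regenerated at this point, so the id
        // the browser held before authentication stays valid after it — confirm
        // whether that is acceptable for this deployment.
        Session["employeeID"] = EmployID;
        Session["permissions"] = Permissions;

        switch (Permissions)
        {
            case AdminFlag:
                // Administrators are placed in department 1 with a sentinel position of -1.
                Session["departID"] = 1;
                Session["positionID"] = -1;
                Response.Redirect("Welcome1.aspx");
                return;

            case EmployeeFlag:
                // Ordinary employees go straight to their own detail page.
                Response.Redirect(string.Format("EDetaeil.aspx?ID={0}", EmployID));
                return;

            default:
                // Every other flag is routed to the management page for the
                // employee's department/position.
                departID = getDeparID(EmployID, ref positionID);
                Session["departID"] = departID;
                Session["positionID"] = positionID;
                // NOTE(review): a NoDepartment result (inactive employee) still reaches
                // EManage.aspx here; confirm that page enforces the employee's State.
                Response.Redirect("EManage.aspx");
                break;
        }
    }

    /// <summary>
    /// Creates an unopened connection from the "ConStr" entry in the
    /// &lt;connectionStrings&gt; section of the configuration file.
    /// </summary>
    /// <returns>A new <see cref="SqlConnection"/>; the caller owns and disposes it.</returns>
    private SqlConnection CreateConn()
    {
        string connStr = ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString;
        return new SqlConnection(connStr);
    }

    /// <summary>
    /// Looks the credentials up in tb_User. Returns -2 when no row matches,
    /// otherwise tb_User.ID for administrators (Flag == 1) or tb_User.EID for
    /// everyone else. Any database or parsing failure is treated as "no match".
    /// </summary>
    /// <param name="user">User name as typed on the form.</param>
    /// <param name="pwd">Password as typed on the form.</param>
    /// <param name="permissions">Receives tb_User.Flag when a row matches; untouched otherwise.</param>
    /// <returns>-2, or the employee/administrator ID as described above.</returns>
    private int CheckUser(string user, string pwd, ref int permissions)
    {
        int result = UnknownUser;

        // Parameterised so the user-supplied name and password cannot alter the query text.
        // NOTE(review): UserPwd is compared exactly as stored, i.e. the password is not
        // hashed before the lookup; changing that requires a schema migration.
        const string selectCmdStr =
            "SELECT ID, EID, Flag FROM tb_User WHERE UserName = @user AND UserPwd = @pwd";

        try
        {
            using (SqlConnection conn = CreateConn())
            using (SqlCommand selectCmd = new SqlCommand(selectCmdStr, conn))
            {
                selectCmd.Parameters.AddWithValue("@user", user);
                selectCmd.Parameters.AddWithValue("@pwd", pwd);
                conn.Open();

                using (SqlDataReader reader = selectCmd.ExecuteReader())
                {
                    // Only the first matching row is considered, as before.
                    if (reader.Read())
                    {
                        permissions = Convert.ToInt32(reader["Flag"], System.Globalization.CultureInfo.InvariantCulture);
                        // Administrators are identified by their tb_User.ID; others by the
                        // employee id they are linked to. EID is only read in the latter case.
                        string idColumn = permissions == AdminFlag ? "ID" : "EID";
                        result = Convert.ToInt32(reader[idColumn], System.Globalization.CultureInfo.InvariantCulture);
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // Fail closed: any error during the lookup is reported as "unknown user"
            // to the caller, but is recorded so operators can see why logins fail.
            System.Diagnostics.Trace.TraceError("CheckUser failed: {0}", ex);
        }

        return result;
    }

    /// <summary>
    /// Reads the department and position of an employee from tb_EmployeeInfo.
    /// Returns -1 (and leaves <paramref name="Position"/> untouched) when the row
    /// is missing, its State is not 1, or the query fails.
    /// </summary>
    /// <param name="EmployID">tb_EmployeeInfo.ID of the employee.</param>
    /// <param name="Position">Receives tb_EmployeeInfo.Position when State == 1.</param>
    /// <returns>tb_EmployeeInfo.Department, or -1 as described above.</returns>
    private int getDeparID(int EmployID, ref int Position)
    {
        int DeparID = NoDepartment;
        const string selectCmdStr =
            "SELECT State, Department, Position FROM tb_EmployeeInfo WHERE ID = @id";

        try
        {
            using (SqlConnection conn = CreateConn())
            using (SqlCommand selectCmd = new SqlCommand(selectCmdStr, conn))
            {
                selectCmd.Parameters.AddWithValue("@id", EmployID);
                conn.Open();

                using (SqlDataReader reader = selectCmd.ExecuteReader())
                {
                    // A missing row previously surfaced as an exception and was swallowed;
                    // it is now handled explicitly with the same -1 result.
                    if (reader.Read())
                    {
                        int state = Convert.ToInt32(reader["State"], System.Globalization.CultureInfo.InvariantCulture);
                        if (state == 1)
                        {
                            DeparID = Convert.ToInt32(reader["Department"], System.Globalization.CultureInfo.InvariantCulture);
                            Position = Convert.ToInt32(reader["Position"], System.Globalization.CultureInfo.InvariantCulture);
                        }
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // Best effort, as before: the caller sees -1 and the failure is traced.
            System.Diagnostics.Trace.TraceError("getDeparID failed for ID {0}: {1}", EmployID, ex);
        }

        return DeparID;
    }

    /// <summary>
    /// Redirects to the page that matches the current departID / positionID.
    /// Not called from this file; kept because the other half of this partial
    /// class may still use it.
    /// </summary>
    private void SelectPage()
    {
        switch (departID)
        {
            case 2:
                // HR department: start at the management welcome page. The sentinel
                // position -2 tells the EManage page which controls to show.
                Session["departID"] = 1;
                Session["positionID"] = -2;
                Response.Redirect("Welcome1.aspx");
                return;

            case 3:
                // Sentinel position -3, likewise used by EManage for control visibility.
                Session["positionID"] = -3;
                Response.Redirect("EManage.aspx");
                return;

            default:
                if (positionID == 3)
                {
                    // Ordinary employees land on their own detail page.
                    Response.Redirect("EmplopyeeDetail.aspx?ID=" + EmployID + "");
                    return;
                }

                Response.Redirect("EManage.aspx");
                return;
        }
    }
}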